summaryrefslogtreecommitdiffstats
path: root/devtools/shared/commands/inspected-window/tests
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--devtools/shared/commands/inspected-window/tests/browser.ini20
-rw-r--r--devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window.js523
-rw-r--r--devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window_access.js315
-rw-r--r--devtools/shared/commands/inspected-window/tests/head.js12
-rw-r--r--devtools/shared/commands/inspected-window/tests/inspectedwindow-reload-target.sjs89
5 files changed, 959 insertions, 0 deletions
diff --git a/devtools/shared/commands/inspected-window/tests/browser.ini b/devtools/shared/commands/inspected-window/tests/browser.ini
new file mode 100644
index 0000000000..d3b5ce5fbc
--- /dev/null
+++ b/devtools/shared/commands/inspected-window/tests/browser.ini
@@ -0,0 +1,20 @@
+[DEFAULT]
+tags = devtools
+subsuite = devtools
+support-files =
+ !/devtools/client/shared/test/shared-head.js
+ !/devtools/client/shared/test/telemetry-test-helpers.js
+ !/devtools/client/shared/test/highlighter-test-actor.js
+ head.js
+ inspectedwindow-reload-target.sjs
+
+prefs =
+ # restrictedDomains must be set as early as possible, before the first use of
+ # the preference. browser_webextension_inspected_window_access.js relies on
+ # this pref to be set. We cannot use "prefs =" at the individual file, because
+ # another test in this manifest may already have resulted in browser startup.
+ extensions.webextensions.restrictedDomains=test2.example.com
+
+[browser_webextension_inspected_window.js]
+[browser_webextension_inspected_window_access.js]
+skip-if = http3 \ No newline at end of file
diff --git a/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window.js b/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window.js
new file mode 100644
index 0000000000..bf2b752e4d
--- /dev/null
+++ b/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window.js
@@ -0,0 +1,523 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const TEST_RELOAD_URL = `${URL_ROOT_SSL}/inspectedwindow-reload-target.sjs`;
+
+async function setup(pageUrl) {
+ // Disable bfcache for Fission for now.
+ // If Fission is disabled, the pref is no-op.
+ await SpecialPowers.pushPrefEnv({
+ set: [["fission.bfcacheInParent", false]],
+ });
+
+ const extension = ExtensionTestUtils.loadExtension({
+ background() {
+ // This is just an empty extension used to ensure that the caller extension uuid
+ // actually exists.
+ },
+ });
+
+ await extension.startup();
+
+ const fakeExtCallerInfo = {
+ url: WebExtensionPolicy.getByID(extension.id).getURL(
+ "fake-caller-script.js"
+ ),
+ lineNumber: 1,
+ addonId: extension.id,
+ };
+
+ const tab = await addTab(pageUrl);
+
+ const commands = await CommandsFactory.forTab(tab, { isWebExtension: true });
+ await commands.targetCommand.startListening();
+
+ const webConsoleFront = await commands.targetCommand.targetFront.getFront(
+ "console"
+ );
+
+ return {
+ webConsoleFront,
+ commands,
+ extension,
+ fakeExtCallerInfo,
+ };
+}
+
+async function teardown({ commands, extension }) {
+ await commands.destroy();
+ gBrowser.removeCurrentTab();
+ await extension.unload();
+}
+
+function waitForNextTabNavigated(commands) {
+ const target = commands.targetCommand.targetFront;
+ return new Promise(resolve => {
+ target.on("tabNavigated", function tabNavigatedListener(pkt) {
+ if (pkt.state == "stop" && !pkt.isFrameSwitching) {
+ target.off("tabNavigated", tabNavigatedListener);
+ resolve();
+ }
+ });
+ });
+}
+
+// Script used as the injectedScript option in the inspectedWindow.reload tests.
+function injectedScript() {
+ if (!window.pageScriptExecutedFirst) {
+ window.addEventListener(
+ "DOMContentLoaded",
+ function () {
+ if (document.querySelector("pre")) {
+ document.querySelector("pre").textContent =
+ "injected script executed first";
+ }
+ },
+ { once: true }
+ );
+ }
+}
+
+// Script evaluated in the target tab, to collect the results of injectedScript
+// evaluation in the inspectedWindow.reload tests.
+function collectEvalResults() {
+ const results = [];
+ let iframeDoc = document;
+
+ while (iframeDoc) {
+ if (iframeDoc.querySelector("pre")) {
+ results.push(iframeDoc.querySelector("pre").textContent);
+ }
+ const iframe = iframeDoc.querySelector("iframe");
+ iframeDoc = iframe ? iframe.contentDocument : null;
+ }
+ return JSON.stringify(results);
+}
+
+add_task(async function test_successfull_inspectedWindowEval_result() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(URL_ROOT_SSL);
+
+ const result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "window.location",
+ {}
+ );
+
+ ok(result.value, "Got a result from inspectedWindow eval");
+ is(
+ result.value.href,
+ URL_ROOT_SSL,
+ "Got the expected window.location.href property value"
+ );
+ is(
+ result.value.protocol,
+ "https:",
+ "Got the expected window.location.protocol property value"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_successfull_inspectedWindowEval_resultAsGrip() {
+ const { commands, extension, fakeExtCallerInfo, webConsoleFront } =
+ await setup(URL_ROOT_SSL);
+
+ let result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "window",
+ {
+ evalResultAsGrip: true,
+ toolboxConsoleActorID: webConsoleFront.actor,
+ }
+ );
+
+ ok(result.valueGrip, "Got a result from inspectedWindow eval");
+ ok(result.valueGrip.actor, "Got a object actor as expected");
+ is(result.valueGrip.type, "object", "Got a value grip of type object");
+ is(
+ result.valueGrip.class,
+ "Window",
+ "Got a value grip which is instanceof Location"
+ );
+
+ // Test invalid evalResultAsGrip request.
+ result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "window",
+ {
+ evalResultAsGrip: true,
+ }
+ );
+
+ ok(
+ !result.value && !result.valueGrip,
+ "Got a null result from the invalid inspectedWindow eval call"
+ );
+ ok(
+ result.exceptionInfo.isError,
+ "Got an API Error result from inspectedWindow eval"
+ );
+ ok(
+ !result.exceptionInfo.isException,
+ "An error isException is false as expected"
+ );
+ is(
+ result.exceptionInfo.code,
+ "E_PROTOCOLERROR",
+ "Got the expected 'code' property in the error result"
+ );
+ is(
+ result.exceptionInfo.description,
+ "Inspector protocol error: %s - %s",
+ "Got the expected 'description' property in the error result"
+ );
+ is(
+ result.exceptionInfo.details.length,
+ 2,
+ "The 'details' array property should contains 1 element"
+ );
+ is(
+ result.exceptionInfo.details[0],
+ "Unexpected invalid sidebar panel expression request",
+ "Got the expected content in the error results's details"
+ );
+ is(
+ result.exceptionInfo.details[1],
+ "missing toolboxConsoleActorID",
+ "Got the expected content in the error results's details"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_error_inspectedWindowEval_result() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(URL_ROOT_SSL);
+
+ const result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "window",
+ {}
+ );
+
+ ok(!result.value, "Got a null result from inspectedWindow eval");
+ ok(
+ result.exceptionInfo.isError,
+ "Got an API Error result from inspectedWindow eval"
+ );
+ ok(
+ !result.exceptionInfo.isException,
+ "An error isException is false as expected"
+ );
+ is(
+ result.exceptionInfo.code,
+ "E_PROTOCOLERROR",
+ "Got the expected 'code' property in the error result"
+ );
+ is(
+ result.exceptionInfo.description,
+ "Inspector protocol error: %s",
+ "Got the expected 'description' property in the error result"
+ );
+ is(
+ result.exceptionInfo.details.length,
+ 1,
+ "The 'details' array property should contains 1 element"
+ );
+ ok(
+ result.exceptionInfo.details[0].includes("cyclic object value"),
+ "Got the expected content in the error results's details"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowEval_result() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(URL_ROOT_SSL);
+
+ const result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "throw Error('fake eval error');",
+ {}
+ );
+
+ ok(result.exceptionInfo.isException, "Got an exception as expected");
+ ok(!result.value, "Got an undefined eval value");
+ ok(!result.exceptionInfo.isError, "An exception should not be isError=true");
+ ok(
+ result.exceptionInfo.value.includes("Error: fake eval error"),
+ "Got the expected exception message"
+ );
+
+ const expectedCallerInfo = `called from ${fakeExtCallerInfo.url}:${fakeExtCallerInfo.lineNumber}`;
+ ok(
+ result.exceptionInfo.value.includes(expectedCallerInfo),
+ "Got the expected caller info in the exception message"
+ );
+
+ const expectedStack = `eval code:1:7`;
+ ok(
+ result.exceptionInfo.value.includes(expectedStack),
+ "Got the expected stack trace in the exception message"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowReload() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(
+ `${TEST_RELOAD_URL}?test=cache`
+ );
+
+ // Test reload with bypassCache=false.
+
+ const waitForNoBypassCacheReload = waitForNextTabNavigated(commands);
+ const reloadResult = await commands.inspectedWindowCommand.reload(
+ fakeExtCallerInfo,
+ {
+ ignoreCache: false,
+ }
+ );
+
+ ok(
+ !reloadResult,
+ "Got the expected undefined result from inspectedWindow reload"
+ );
+
+ await waitForNoBypassCacheReload;
+
+ const noBypassCacheEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ noBypassCacheEval.result,
+ "empty cache headers",
+ "Got the expected result with reload forceBypassCache=false"
+ );
+
+ // Test reload with bypassCache=true.
+
+ const waitForForceBypassCacheReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ ignoreCache: true,
+ });
+
+ await waitForForceBypassCacheReload;
+
+ const forceBypassCacheEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ forceBypassCacheEval.result,
+ "no-cache:no-cache",
+ "Got the expected result with reload forceBypassCache=true"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowReload_customUserAgent() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(
+ `${TEST_RELOAD_URL}?test=user-agent`
+ );
+
+ // Test reload with custom userAgent.
+
+ const waitForCustomUserAgentReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ userAgent: "Customized User Agent",
+ });
+
+ await waitForCustomUserAgentReload;
+
+ const customUserAgentEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ customUserAgentEval.result,
+ "Customized User Agent",
+ "Got the expected result on reload with a customized userAgent"
+ );
+
+ // Test reload with no custom userAgent.
+
+ const waitForNoCustomUserAgentReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {});
+
+ await waitForNoCustomUserAgentReload;
+
+ const noCustomUserAgentEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ noCustomUserAgentEval.result,
+ window.navigator.userAgent,
+ "Got the expected result with reload without a customized userAgent"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowReload_injectedScript() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(
+ `${TEST_RELOAD_URL}?test=injected-script&frames=3`
+ );
+
+ // Test reload with an injectedScript.
+
+ const waitForInjectedScriptReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ injectedScript: `new ${injectedScript}`,
+ });
+ await waitForInjectedScriptReload;
+
+ const injectedScriptEval = await commands.scriptCommand.execute(
+ `(${collectEvalResults})()`
+ );
+
+ const expectedResult = new Array(5).fill("injected script executed first");
+
+ SimpleTest.isDeeply(
+ JSON.parse(injectedScriptEval.result),
+ expectedResult,
+ "Got the expected result on reload with an injected script"
+ );
+
+ // Test reload without an injectedScript.
+
+ const waitForNoInjectedScriptReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {});
+ await waitForNoInjectedScriptReload;
+
+ const noInjectedScriptEval = await commands.scriptCommand.execute(
+ `(${collectEvalResults})()`
+ );
+
+ const newExpectedResult = new Array(5).fill("injected script NOT executed");
+
+ SimpleTest.isDeeply(
+ JSON.parse(noInjectedScriptEval.result),
+ newExpectedResult,
+ "Got the expected result on reload with no injected script"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowReload_multiple_calls() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(
+ `${TEST_RELOAD_URL}?test=user-agent`
+ );
+
+ // Test reload with custom userAgent three times (and then
+ // check that only the first one has affected the page reload.
+
+ const waitForCustomUserAgentReload = waitForNextTabNavigated(commands);
+
+ commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ userAgent: "Customized User Agent 1",
+ });
+ commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ userAgent: "Customized User Agent 2",
+ });
+
+ await waitForCustomUserAgentReload;
+
+ const customUserAgentEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ customUserAgentEval.result,
+ "Customized User Agent 1",
+ "Got the expected result on reload with a customized userAgent"
+ );
+
+ // Test reload with no custom userAgent.
+
+ const waitForNoCustomUserAgentReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {});
+
+ await waitForNoCustomUserAgentReload;
+
+ const noCustomUserAgentEval = await commands.scriptCommand.execute(
+ "document.body.textContent"
+ );
+
+ is(
+ noCustomUserAgentEval.result,
+ window.navigator.userAgent,
+ "Got the expected result with reload without a customized userAgent"
+ );
+
+ await teardown({ commands, extension });
+});
+
+add_task(async function test_exception_inspectedWindowReload_stopped() {
+ const { commands, extension, fakeExtCallerInfo } = await setup(
+ `${TEST_RELOAD_URL}?test=injected-script&frames=3`
+ );
+
+ // Test reload on a page that calls window.stop() immediately during the page loading
+
+ const waitForPageLoad = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ "window.location += '&stop=windowStop'"
+ );
+
+ info("Load a webpage that calls 'window.stop()' while is still loading");
+ await waitForPageLoad;
+
+ info("Starting a reload with an injectedScript");
+ const waitForInjectedScriptReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {
+ injectedScript: `new ${injectedScript}`,
+ });
+ await waitForInjectedScriptReload;
+
+ const injectedScriptEval = await commands.scriptCommand.execute(
+ `(${collectEvalResults})()`
+ );
+
+ // The page should have stopped during the reload and only one injected script
+ // is expected.
+ const expectedResult = new Array(1).fill("injected script executed first");
+
+ SimpleTest.isDeeply(
+ JSON.parse(injectedScriptEval.result),
+ expectedResult,
+ "The injected script has been executed on the 'stopped' page reload"
+ );
+
+ // Reload again with no options.
+
+ info("Reload the tab again without any reload options");
+ const waitForNoInjectedScriptReload = waitForNextTabNavigated(commands);
+ await commands.inspectedWindowCommand.reload(fakeExtCallerInfo, {});
+ await waitForNoInjectedScriptReload;
+
+ const noInjectedScriptEval = await commands.scriptCommand.execute(
+ `(${collectEvalResults})()`
+ );
+
+ // The page should have stopped during the reload and no injected script should
+ // have been executed during this second reload (or it would mean that the previous
+ // customized reload was still pending and has wrongly affected the second reload)
+ const newExpectedResult = new Array(1).fill("injected script NOT executed");
+
+ SimpleTest.isDeeply(
+ JSON.parse(noInjectedScriptEval.result),
+ newExpectedResult,
+ "No injectedScript should have been evaluated during the second reload"
+ );
+
+ await teardown({ commands, extension });
+});
+
+// TODO: check eval with $0 binding once implemented (Bug 1300590)
diff --git a/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window_access.js b/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window_access.js
new file mode 100644
index 0000000000..3b32bb0aaa
--- /dev/null
+++ b/devtools/shared/commands/inspected-window/tests/browser_webextension_inspected_window_access.js
@@ -0,0 +1,315 @@
+/* Any copyright is dedicated to the Public Domain.
+ http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+async function run_inspectedWindow_eval({ tab, codeToEval, extension }) {
+ const fakeExtCallerInfo = {
+ url: `moz-extension://${extension.uuid}/another/fake-caller-script.js`,
+ lineNumber: 1,
+ addonId: extension.id,
+ };
+ const commands = await CommandsFactory.forTab(tab, { isWebExtension: true });
+ await commands.targetCommand.startListening();
+ const result = await commands.inspectedWindowCommand.eval(
+ fakeExtCallerInfo,
+ codeToEval,
+ {}
+ );
+ await commands.destroy();
+ return result;
+}
+
+async function openAboutBlankTabWithExtensionOrigin(extension) {
+ const tab = await BrowserTestUtils.openNewForegroundTab(
+ gBrowser,
+ `moz-extension://${extension.uuid}/manifest.json`
+ );
+ const loaded = BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+ await ContentTask.spawn(tab.linkedBrowser, null, () => {
+ // about:blank inherits the principal when opened from content.
+ content.wrappedJSObject.location.assign("about:blank");
+ });
+ await loaded;
+ // Sanity checks:
+ is(tab.linkedBrowser.currentURI.spec, "about:blank", "expected tab");
+ is(
+ tab.linkedBrowser.contentPrincipal.originNoSuffix,
+ `moz-extension://${extension.uuid}`,
+ "about:blank should be at the extension origin"
+ );
+ return tab;
+}
+
+async function checkEvalResult({
+ extension,
+ description,
+ url,
+ createTab = () => BrowserTestUtils.openNewForegroundTab(gBrowser, url),
+ expectedResult,
+}) {
+ const tab = await createTab();
+ is(tab.linkedBrowser.currentURI.spec, url, "Sanity check: tab URL");
+ const result = await run_inspectedWindow_eval({
+ tab,
+ codeToEval: "'code executed at ' + location.href",
+ extension,
+ });
+ BrowserTestUtils.removeTab(tab);
+ SimpleTest.isDeeply(
+ result,
+ expectedResult,
+ `eval result for devtools.inspectedWindow.eval at ${url} (${description})`
+ );
+}
+
+async function checkEvalAllowed({ extension, description, url, createTab }) {
+ info(`checkEvalAllowed: ${description} (at URL: ${url})`);
+ await checkEvalResult({
+ extension,
+ description,
+ url,
+ createTab,
+ expectedResult: { value: `code executed at ${url}` },
+ });
+}
+async function checkEvalDenied({ extension, description, url, createTab }) {
+ info(`checkEvalDenied: ${description} (at URL: ${url})`);
+ await checkEvalResult({
+ extension,
+ description,
+ url,
+ createTab,
+ expectedResult: {
+ exceptionInfo: {
+ isError: true,
+ code: "E_PROTOCOLERROR",
+ details: [
+ "This extension is not allowed on the current inspected window origin",
+ ],
+ description: "Inspector protocol error: %s",
+ },
+ },
+ });
+}
+
+add_task(async function test_eval_at_http() {
+ await SpecialPowers.pushPrefEnv({
+ set: [["dom.security.https_first", false]],
+ });
+
+ // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+ const httpUrl = "http://example.com/";
+
+ // When running with --use-http3-server, http:-URLs cannot be loaded.
+ try {
+ await fetch(httpUrl);
+ } catch {
+ info("Skipping test_eval_at_http because http:-URL cannot be loaded");
+ return;
+ }
+
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+
+ await checkEvalAllowed({
+ extension,
+ description: "http:-URL",
+ url: httpUrl,
+ });
+ await extension.unload();
+
+ await SpecialPowers.popPrefEnv();
+});
+
+add_task(async function test_eval_at_https() {
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+
+ const privilegedExtension = ExtensionTestUtils.loadExtension({
+ isPrivileged: true,
+ });
+ await privilegedExtension.startup();
+
+ await checkEvalAllowed({
+ extension,
+ description: "https:-URL",
+ url: "https://example.com/",
+ });
+
+ await checkEvalDenied({
+ extension,
+ description: "a restricted domain",
+ // Domain in extensions.webextensions.restrictedDomains by browser.toml.
+ url: "https://test2.example.com/",
+ });
+
+ await SpecialPowers.pushPrefEnv({
+ set: [["extensions.quarantinedDomains.list", "example.com"]],
+ });
+
+ await checkEvalDenied({
+ extension,
+ description: "a quarantined domain",
+ url: "https://example.com/",
+ });
+
+ await checkEvalAllowed({
+ extension: privilegedExtension,
+ description: "a quarantined domain",
+ url: "https://example.com/",
+ });
+
+ await SpecialPowers.popPrefEnv();
+
+ await extension.unload();
+ await privilegedExtension.unload();
+});
+
+add_task(async function test_eval_at_sandboxed_page() {
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+
+ await checkEvalAllowed({
+ extension,
+ description: "page with CSP sandbox",
+ url: "https://example.com/document-builder.sjs?headers=Content-Security-Policy:sandbox&html=x",
+ });
+ await checkEvalDenied({
+ extension,
+ description: "restricted domain with CSP sandbox",
+ url: "https://test2.example.com/document-builder.sjs?headers=Content-Security-Policy:sandbox&html=x",
+ });
+
+ await extension.unload();
+});
+
+add_task(async function test_eval_at_own_extension_origin_allowed() {
+ const extension = ExtensionTestUtils.loadExtension({
+ background() {
+ // eslint-disable-next-line no-undef
+ browser.test.sendMessage(
+ "blob_url",
+ URL.createObjectURL(new Blob(["blob: here", { type: "text/html" }]))
+ );
+ },
+ files: {
+ "mozext.html": `<!DOCTYPE html>moz-extension: here`,
+ },
+ });
+ await extension.startup();
+ const blobUrl = await extension.awaitMessage("blob_url");
+
+ await checkEvalAllowed({
+ extension,
+ description: "moz-extension:-URL from own extension",
+ url: `moz-extension://${extension.uuid}/mozext.html`,
+ });
+ await checkEvalAllowed({
+ extension,
+ description: "blob:-URL from own extension",
+ url: blobUrl,
+ });
+ await checkEvalAllowed({
+ extension,
+ description: "about:blank with origin from own extension",
+ url: "about:blank",
+ createTab: () => openAboutBlankTabWithExtensionOrigin(extension),
+ });
+
+ await extension.unload();
+});
+
+add_task(async function test_eval_at_other_extension_denied() {
+ // The extension for which we simulate devtools_page, chosen as caller of
+ // devtools.inspectedWindow.eval API calls.
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+
+ // The other extension, that |extension| should not be able to access:
+ const otherExt = ExtensionTestUtils.loadExtension({
+ background() {
+ // eslint-disable-next-line no-undef
+ browser.test.sendMessage(
+ "blob_url",
+ URL.createObjectURL(new Blob(["blob: here", { type: "text/html" }]))
+ );
+ },
+ files: {
+ "mozext.html": `<!DOCTYPE html>moz-extension: here`,
+ },
+ });
+ await otherExt.startup();
+ const otherExtBlobUrl = await otherExt.awaitMessage("blob_url");
+
+ await checkEvalDenied({
+ extension,
+ description: "moz-extension:-URL from another extension",
+ url: `moz-extension://${otherExt.uuid}/mozext.html`,
+ });
+ await checkEvalDenied({
+ extension,
+ description: "blob:-URL from another extension",
+ url: otherExtBlobUrl,
+ });
+ await checkEvalDenied({
+ extension,
+ description: "about:blank with origin from another extension",
+ url: "about:blank",
+ createTab: () => openAboutBlankTabWithExtensionOrigin(otherExt),
+ });
+
+ await otherExt.unload();
+ await extension.unload();
+});
+
+add_task(async function test_eval_at_about() {
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+ await checkEvalAllowed({
+ extension,
+ description: "about:blank (null principal)",
+ url: "about:blank",
+ });
+ await checkEvalDenied({
+ extension,
+ description: "about:addons (system principal)",
+ url: "about:addons",
+ });
+ await checkEvalDenied({
+ extension,
+ description: "about:robots (about page)",
+ url: "about:robots",
+ });
+ await extension.unload();
+});
+
+add_task(async function test_eval_at_file() {
+ // FYI: There is also an equivalent test case with a full end-to-end test at:
+ // browser/components/extensions/test/browser/browser_ext_devtools_inspectedWindow_eval_file.js
+
+ const extension = ExtensionTestUtils.loadExtension({});
+ await extension.startup();
+
+ // A dummy file URL that can be loaded in a tab.
+ const fileUrl =
+ "file://" +
+ getTestFilePath("browser_webextension_inspected_window_access.js");
+
+ // checkEvalAllowed test helper cannot be used, because the file:-URL may
+ // redirect elsewhere, so the comparison with the full URL fails.
+ const tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, fileUrl);
+ const result = await run_inspectedWindow_eval({
+ tab,
+ codeToEval: "'code executed at ' + location.protocol",
+ extension,
+ });
+ BrowserTestUtils.removeTab(tab);
+ SimpleTest.isDeeply(
+ result,
+ { value: "code executed at file:" },
+ `eval result for devtools.inspectedWindow.eval at ${fileUrl}`
+ );
+
+ await extension.unload();
+});
diff --git a/devtools/shared/commands/inspected-window/tests/head.js b/devtools/shared/commands/inspected-window/tests/head.js
new file mode 100644
index 0000000000..ce65b3d827
--- /dev/null
+++ b/devtools/shared/commands/inspected-window/tests/head.js
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* eslint no-unused-vars: [2, {"vars": "local"}] */
+
+Services.scriptloader.loadSubScript(
+ "chrome://mochitests/content/browser/devtools/client/shared/test/shared-head.js",
+ this
+);
diff --git a/devtools/shared/commands/inspected-window/tests/inspectedwindow-reload-target.sjs b/devtools/shared/commands/inspected-window/tests/inspectedwindow-reload-target.sjs
new file mode 100644
index 0000000000..2ec17a9222
--- /dev/null
+++ b/devtools/shared/commands/inspected-window/tests/inspectedwindow-reload-target.sjs
@@ -0,0 +1,89 @@
+"use strict";
+
+Cu.importGlobalProperties(["URLSearchParams"]);
+
+function handleRequest(request, response) {
+ const params = new URLSearchParams(request.queryString);
+
+ switch (params.get("test")) {
+ case "cache":
+ handleCacheTestRequest(request, response);
+ break;
+
+ case "user-agent":
+ handleUserAgentTestRequest(request, response);
+ break;
+
+ case "injected-script":
+ handleInjectedScriptTestRequest(request, response, params);
+ break;
+ }
+}
+
+function handleCacheTestRequest(request, response) {
+ response.setHeader("Content-Type", "text/plain; charset=UTF-8", false);
+
+ if (request.hasHeader("pragma") && request.hasHeader("cache-control")) {
+ response.write(
+ `${request.getHeader("pragma")}:${request.getHeader("cache-control")}`
+ );
+ } else {
+ response.write("empty cache headers");
+ }
+}
+
+function handleUserAgentTestRequest(request, response) {
+ response.setHeader("Content-Type", "text/plain; charset=UTF-8", false);
+
+ if (request.hasHeader("user-agent")) {
+ response.write(request.getHeader("user-agent"));
+ } else {
+ response.write("no user agent header");
+ }
+}
+
+function handleInjectedScriptTestRequest(request, response, params) {
+ response.setHeader("Content-Type", "text/html; charset=UTF-8", false);
+
+ const frames = parseInt(params.get("frames"), 10);
+ let content = "";
+
+ if (frames > 0) {
+ // Output an iframe in seamless mode, so that there is an higher chance that in case
+ // of test failures we get a screenshot where the nested iframes are all visible.
+ content = `<iframe seamless src="?test=injected-script&frames=${
+ frames - 1
+ }"></iframe>`;
+ } else {
+ // Output an about:srcdoc frame to be sure that inspectedWindow.eval is able to
+ // evaluate js code into it.
+ const srcdoc = `
+ <pre>injected script NOT executed</pre>
+ <script>window.pageScriptExecutedFirst = true</script>
+ `;
+ content = `<iframe style="height: 30px;" srcdoc="${srcdoc}"></iframe>`;
+ }
+
+ if (params.get("stop") == "windowStop") {
+ content = "<script>window.stop();</script>" + content;
+ }
+
+ response.write(`<!DOCTYPE html>
+ <html>
+ <head>
+ <meta charset="utf-8">
+ <style>
+ iframe { width: 100%; height: ${frames * 150}px; }
+ </style>
+ </head>
+ <body>
+ <h1>IFRAME ${frames}</h1>
+ <pre>injected script NOT executed</pre>
+ <script>
+ window.pageScriptExecutedFirst = true;
+ </script>
+ ${content}
+ </body>
+ </html>
+ `);
+}